Short answer: Yes
Banks are constantly fighting a battle against internet criminals. That is tough for them, especially since law enforcement is not yet sufficiently equipped to help. Security is a major concern for banks, and it comes at a high cost.
But there is a relatively simple way for banks to prevent phishing: switching to a .bank domain. It is impossible for criminals to register a .bank domain. So instead of educating the public about what is left of the dot, banks can teach a much easier rule: if the domain name is not a .bank, then it is not a bank.
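The rule above can also be applied mechanically, for instance in a mail filter or link checker, as long as the check looks at the last label of the host the client really connects to. The following Python is an added example, not code from the original post or from the .bank registry; the function names, the HTTPS-only requirement and the sample URLs (including `example.bank`) are assumptions constructed for illustration.

```python
from typing import Optional
from urllib.parse import urlsplit

TRUSTED_TLD = "bank"  # the label right of the last dot


def host_of(url: str) -> Optional[str]:
    """Return the host a client would actually connect to, or None."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # drops any "user@" prefix and ":port" suffix
    except ValueError:
        return None
    # Assumption of this example: only HTTPS links are considered at all.
    if parts.scheme != "https" or not host:
        return None
    return host.rstrip(".").lower()  # "example.bank." is the same host


def is_dot_bank(url: str) -> bool:
    """True only if the final DNS label of the real host is exactly 'bank'."""
    host = host_of(url)
    if host is None:
        return False
    labels = host.split(".")
    # Exact ASCII match: a look-alike character in the TLD does not compare equal.
    return len(labels) >= 2 and all(labels) and labels[-1] == TRUSTED_TLD


# Constructed sample links; none are taken from real traffic.
SAMPLES = [
    "https://www.example.bank/login",
    "https://EXAMPLE.BANK.:443/",
    "https://example.bank.login.example/",   # .bank is not the last label
    "https://example.bank@login.example/",   # .bank is only the userinfo part
    "https://example-bank.example/",         # "bank" is left of the dot
    "https://example.b\u0430nk/",            # Cyrillic 'a' in the TLD
    "http://www.example.bank/",              # not HTTPS
]


def classify(urls):
    return [(u, is_dot_bank(u)) for u in urls]


if __name__ == "__main__":
    for url, ok in classify(SAMPLES):
        print(("TRUST   " if ok else "DISTRUST"), url)
```

Only the first two samples pass; every other form places ".bank" somewhere other than the end of the real hostname, or is not served over HTTPS.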
The process of registering a .bank domain is quite difficult, and that is a good thing. The requirements are very strict, and therefore registering a .bank domain is more a project than a domain registration process. But only banks can register a .bank domain. Nobody else! That means that you have a 100% guarantee that a .bank domain belongs to a bank.
Basically it boils down to the following project that a bank has to start:
- Prepare the proof that you are a bank and that the people involved in the domain registration process are authorised to do so.
- Prepare a migration plan from your current domain and website to a .bank domain and website.
- Set up your nameservers in the .bank zone with all requirements, like DNSSEC, DMARC, etc.
- Arrange a high-end SSL certificate.
- Prepare a migration plan for moving your email infrastructure to a .bank domain.
- Prepare a marketing plan to educate your customers to only trust your bank when a .bank domain is used.
Will it stop phishing? No, criminals will still try. But at a relatively low budget it becomes so much easier to prevent phishers from being successful, and that should be enough reason for all banks to move their websites and email to a .bank domain. There is basically no excuse, given the huge number of daily phishing attempts.
Openprovider has a lot of experience with .bank domains and is a top-10 registrar of .bank domains.